| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Nov 2020 10:06:20 +0100
From: David Hildenbrand <david@...hat.com>
To: Michal Hocko <mhocko@...e.com>
Cc: linux-kernel@...r.kernel.org, linux-mm@...ck.org,
Andrew Morton <akpm@...ux-foundation.org>,
Alexander Potapenko <glider@...gle.com>,
Mike Kravetz <mike.kravetz@...cle.com>,
Vlastimil Babka <vbabka@...e.cz>,
Mike Rapoport <rppt@...ux.ibm.com>,
Oscar Salvador <osalvador@...e.de>,
Kees Cook <keescook@...omium.org>,
Michael Ellerman <mpe@...erman.id.au>
Subject: Re: [PATCH v1] mm/page_alloc: clear pages in alloc_contig_pages()
with init_on_alloc=1 or __GFP_ZERO
On 11.11.20 09:47, Michal Hocko wrote:
> On Tue 10-11-20 20:32:40, David Hildenbrand wrote:
>> commit 6471384af2a6 ("mm: security: introduce init_on_alloc=1 and
>> init_on_free=1 boot options") resulted with init_on_alloc=1 in all pages
>> leaving the buddy via alloc_pages() and friends to be
>> initialized/cleared/zeroed on allocation.
>>
>> However, the same logic is currently not applied to
>> alloc_contig_pages(): allocated pages leaving the buddy aren't cleared
>> with init_on_alloc=1 and init_on_free=0. Let's also properly clear
>> pages on that allocation path and add support for __GFP_ZERO.
>
> AFAIR we do not have any user for __GFP_ZERO right? Not that this is
Sorry, I had extended information under "---" but accidentally
regenerated the patch before sending it out.
__GFP_ZERO is not used yet. It's intended to be used in
https://lkml.kernel.org/r/20201029162718.29910-1-david@redhat.com
and I can move that change into a separate patch if desired.
> harmful but it is better to call that explicitly because a missing
> implementation would be a real problem and as such a bug fix.
>
> I am also not sure handling init_on_free at the higher level is good.
> As we have discussed recently the primary point of this feature is to
> add clearing at very few well defined entry points rather than spill it over
> many places. In this case the entry point for the allocator is
> __isolate_free_page which removes pages from the page allocator. I
> haven't checked how much this is used elsewhere but I would expect
> init_on_alloc to be handled there.
Well, this is the entry point to our range allocator, which lives in
page_alloc.c - used by actual high-level allocators (CMA, gigantic
pages, etc). It's just a matter of taste where we want to have that
handling exactly inside our allocator.
isolate_freepages_range()->split_map_pages() does the post_alloc_hook
call. As we certainly don't want to zero pages during compaction, we
could either pass the gfp_mask/"bool clear" down to that functions and
handle it in there, or handle it in isolate_freepages_range(), after the
->split_map_pages() call. Whatever you prefer.
Thanks!
--
Thanks,
David / dhildenb
Powered by blists - more mailing lists